PKCS11 Mechanisms difference + JAVA
I'm implementing functions with PKCS11 mechanisms - CKM_RSA_PKCS and CKM_RSA_X_509. I know that both are implemented in Botan C++ library, but I have to find equivalents in Java. Second problem is what's the difference between both of them?

CKM_RSA_PKCS refers to the PKCS#1 v1.5 standard (see RFC3447) for RSA encryption and digital signatures. In Java JCE, it is typically the default choice for RSA: Signature.getInstance(), Cipher.getInstance().

CKM_RSA_X_509 refers to the textbook (or raw) RSA algorithm, that is, the one where no padding is defined. In this case, you can simply pass "RSA/None/NoPadding" to Cipher.getInstance(). Signature can be done with decryption, whereas verification can be done with encryption (followed by comparison).

I would avoid implementing and using raw RSA though, unless you have specific use cases in mind. PKCS#1 v1.5 signatures are more secure. For enciphering though, I wouldn't actually recommend using either of them, because they are both insecure. It's better to rely only on PKCS#1 OAEP (CKM_RSA_PKCS_OAEP); for that, you pass "RSA/None/OAEPWithSHA1AndMGF1Padding" to Cipher.getInstance().
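
The mapping described in the answer above, as an added example that is not part of the original post: it runs the three mechanisms through Cipher.getInstance(), shows which ones are randomized, and performs the raw-RSA sign/verify round trip the answer describes. Assumptions: the class name RsaMechanisms and the helper rsa() are hypothetical, SHA-256 is an arbitrary digest choice, and the transformations use the "ECB" mode spelling that the JDK's default SunJCE provider requires (the "None" spelling quoted above is the one Bouncy Castle accepts).

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaMechanisms {
    // PKCS#11 mechanism -> JCE transformation (SunJCE spelling; an assumption of this example)
    static final String X_509 = "RSA/ECB/NoPadding";                   // CKM_RSA_X_509
    static final String PKCS  = "RSA/ECB/PKCS1Padding";                // CKM_RSA_PKCS
    static final String OAEP  = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; // CKM_RSA_PKCS_OAEP

    // Hypothetical helper: one RSA operation with the given transformation and key.
    static byte[] rsa(String transformation, int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Encrypt the same plaintext twice per mechanism. Raw RSA has no padding,
        // so it is deterministic; PKCS#1 v1.5 and OAEP add fresh randomness each time.
        for (String t : new String[] {X_509, PKCS, OAEP}) {
            byte[] c1 = rsa(t, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
            byte[] c2 = rsa(t, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
            System.out.println(t + ": identical ciphertexts = " + Arrays.equals(c1, c2));
        }

        // Raw RSA "signature" as the answer describes it: private-key operation
        // (decryption) on the digest, then public-key operation (encryption)
        // followed by comparison. No padding or digest encoding protects the value.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(msg);
        byte[] sig = rsa(X_509, Cipher.DECRYPT_MODE, kp.getPrivate(), digest);
        byte[] recovered = rsa(X_509, Cipher.ENCRYPT_MODE, kp.getPublic(), sig);
        // NoPadding output is modulus-sized with leading zeros, so compare as integers.
        boolean ok = new BigInteger(1, recovered).equals(new BigInteger(1, digest));
        System.out.println("raw RSA verify = " + ok);
    }
}
```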